Put simply, OneLogin, Okta, Centrify, Microsoft, RSA SecurID Access, Salesforce App Cloud, and even more basic password managers store user identities and login information. Using these services means that users only need to remember one password, and all of their other logins are handled for them.

The most important thing about the OneLogin breach: It affects you and everyone else, not just the 2000 customers of OneLogin.

If you store information in the cloud, including information your customers entrust to you, and your cloud provider uses OneLogin internally, then your sensitive information could be accessible as well. The cloud-based service providers you use every day might use identity management services themselves.

This is another example of how someone else’s breach can hurt you, including exposing your customers’ sensitive information.

The big question is: How long have attackers had access? Thank goodness OneLogin at least identified that they'd been breached. Have any other identity management firms been breached without yet realizing it? What are attackers accessing around the world using stolen passwords?

Please forward this to anyone you know who may not realize that these single points of failure, holding login information for many services that even your service providers may use internally, are very attractive targets for attackers. One successful attack results in a goldmine of information, including yours.

This applies to everyone, not just Gmail users. A researcher at Hold Security bought 272 million stolen passwords on the dark web. Some of the credentials were for Gmail. This is not Google’s fault. Whether you use Gmail or not, everyone, if they haven’t already, needs to enable

Continue reading ‘Gmail Passwords Stolen, Possibly Millions of Them’

Password attacks against businesses happen all the time. You may find it interesting to see the list of usernames that attackers guess are on your system, and how many passwords they try for each username.

Continue reading ‘Anatomy of a Password Attack’